Re: [mod-security-users] SecArgumentsLimit Equivalent for XML Processing
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] SecArgumentsLimit Equivalent for XML Processing
|
From: Christian F. <chr...@ne...> - 2021-12-24 13:22:37
|
I remember that discussion now, thanks. I am not sure if the developers are actively following the mailing list. So it's probably best to ask this question on github. Best, Christian On Fri, Dec 24, 2021 at 12:53:47PM +0000, Srikanth Arunachalam via mod-security-users wrote: > Hi Christian, > > Thanks for getting back to me so quickly. Yes, SecArgumentsLimit is a > Modsec keyword in V3. > This allows to restrict the rule apply to quantity specified in > SecArgumentsLimit. > > We had some performance considerations in the past, when, json payload has > high depth cardinality of list. > Rule id 942460 (Metacharacter search on non-alphanumberic characters \W) > spends lot of time. > > There has also been some discussions on this SecArgumentsLimit on > https://github.com/SpiderLabs/ModSecurity/pull/2234 > > This woks fantastic for JSON based payload. To be more precise, including a > value of SecArgumentsLimit allows to process partial set of payload, rather > than the whole file. > > We couldnt apply the same for the XML payload is the concern I have raised > in this forum. > > Kind Regards > Srikanth Arunachalam > > On Thu, Dec 23, 2021 at 11:01 PM Christian Folini < > chr...@ne...> wrote: > > > Hey Srikanth, > > > > I'm not familia with SecArgumentsLimit. Is it a v3 directive? > > > > What do you want it to do exactly with your XML payload? > > > > Best, > > > > Christian Folini > > > > On Thu, Dec 23, 2021 at 04:43:56PM +0000, Srikanth Arunachalam via > > mod-security-users wrote: > > > Hi > > > > > > We have a not very large XML payload (3mb) with tags including > > > multiple entries separated with comma. > > > > > > When I remove the comma separation the WAF process takes about 14sec > > to > > > complete. > > > When I include the comma separation lists in XML tag, it complex in 29 > > > seconds. > > > > > > Had this been a json payload, I would have used SecArgumentsLimit. It has > > > not been effective in XML. > > > > > > Any sooner suggestion/response would be appreciated. > > > > > > Kind Regards > > > Srikanth Arunachalam > > > > > > > _______________________________________________ > > > mod-security-users mailing list > > > mod...@li... > > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > > http://www.modsecurity.org/projects/commercial/rules/ > > > http://www.modsecurity.org/projects/commercial/support/ > > > > > > > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
